CVE-2022-49722

7.8 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in the Linux kernel's Intel ice network driver when handling Virtual Function (VF) resets. When a VF requests a reset while still having active queues, the Physical Function (PF) driver may incorrectly assume the VF is disabled, leading to DMA resource unmapping while the device continues to map packets to memory, causing silent memory corruption. This affects systems using Intel Ethernet 800 Series network adapters with SR-IOV virtualization enabled.

💻 Affected Systems

Products:
  • Linux kernel with Intel ice network driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using Intel Ethernet 800 Series adapters with SR-IOV enabled and VF functionality active.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to system crash, potential privilege escalation, or data corruption affecting multiple VMs on the same host.

🟠

Likely Case

System instability, kernel panics, or crashes in VF driver workloads during VF reset operations.

🟢

If Mitigated

No impact if patched or if SR-IOV/VF functionality is disabled.

🌐 Internet-Facing: LOW - Requires local access to trigger VF reset operations.
🏢 Internal Only: MEDIUM - Can be triggered by privileged users or automated systems managing VF configurations in virtualized environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger VF reset operations, typically requiring privileged access to manage VF configurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 1bb8253b1dd44cf004e12c333acc6f25ee286cf3 and efe41860008e57fb6b69855b4b93fdf34bc42798

Vendor Advisory: https://git.kernel.org/stable/c/1bb8253b1dd44cf004e12c333acc6f25ee286cf3

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. For RHEL/CentOS: yum update kernel
3. For Ubuntu/Debian: apt update && apt upgrade linux-image
4. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable SR-IOV/VF functionality

Linux

Disable Virtual Function support on affected Intel network adapters

echo 0 > /sys/class/net/<interface>/device/sriov_numvfs

🧯 If You Can't Patch

  • Disable VF functionality on affected network interfaces
  • Restrict privileged access to VF management operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if ice driver is loaded with SR-IOV enabled: lsmod | grep ice && cat /sys/class/net/*/device/sriov_numvfs
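
A tighter version of this check, as an added example (not from the advisory or the kernel project): it reports only interfaces whose PCI device is bound to the ice driver and whose sriov_numvfs is non-zero, instead of matching every module name containing "ice" and every device's VF count. The function name ice_vf_exposure and its optional sysfs-root argument are assumptions introduced here.

```shell
#!/bin/sh
# Added example: report ice-driven PFs that currently have VFs enabled.
# ice_vf_exposure [SYSFS_NET_DIR]
#   SYSFS_NET_DIR defaults to /sys/class/net; the override is an assumption
#   added here so the check can be exercised against a constructed tree.
# Prints "<interface> <numvfs>" per exposed PF; returns 0 if any were found,
# 1 otherwise (same convention as grep).
ice_vf_exposure() {
    sysfs_net="${1:-/sys/class/net}"
    found=1
    for dev in "$sysfs_net"/*; do
        # Physical NICs expose device/driver as a symlink to the bound driver.
        [ -L "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        # VF netdevs are bound to iavf, other NICs to their own drivers: skip.
        [ "$drv" = "ice" ] || continue
        numvfs_file="$dev/device/sriov_numvfs"
        [ -r "$numvfs_file" ] || continue
        numvfs=$(cat "$numvfs_file")
        # Non-numeric content makes the test fail and is treated as "no VFs".
        if [ "$numvfs" -gt 0 ] 2>/dev/null; then
            echo "$(basename "$dev") $numvfs"
            found=0
        fi
    done
    return "$found"
}

# Check the live system (or the directory given as the first argument).
ice_vf_exposure "$@" || echo "no ice PF with VFs enabled"
```

An interface listed here is in the affected configuration only if the running kernel also lacks the fix commits.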

Check Version:

uname -r

Verify Fix Applied:

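Verify that the running kernel includes fix commits 1bb8253b1dd44cf004e12c333acc6f25ee286cf3 and efe41860008e57fb6b69855b4b93fdf34bc42798. /proc/version holds only the release string and build details, not commit hashes, so searching it for these hashes never matches; instead compare the release reported by uname -r against the distribution's kernel changelog or advisory for this CVE.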

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages related to ice/iavf drivers
  • BUG: unable to handle kernel paging request errors
  • DMA mapping/unmapping errors in kernel logs

Network Indicators:

  • Sudden network interface resets on VF-enabled adapters
  • Increased packet loss on VF interfaces

SIEM Query:

source="kernel" AND ("ice" OR "iavf") AND ("panic" OR "BUG" OR "DMA" OR "paging request")
